Snort mailing list archives
Snortsam / Portscanning Detection
From: Tuomas Groves <tjgroves () comcast net>
Date: Mon, 29 Dec 2003 11:45:39 -0800
Hey everyone,

I was going to try to get our PIX firewall set up with snort / snortsam and I had a question. We are interested in having the firewall block the offending IP address when we receive a portscan, but I could not figure out where we should place the "fwsam: src, 5 minutes;" entry. Because in snort 2.1.0, I do not know about previous versions, the portscanning detection is a preprocessor. If I set the "output-mode" to "pktkludge" I can see it in the alerts database and everything, but as I said, I have no idea how to set a different output plug-in for this. That is if it can even currently be done. Any help would be greatly appreciated.
Tuomas Groves
Current thread:
- Snortsam / Portscanning Detection Tuomas Groves (Dec 29)
- Re: Snortsam / Portscanning Detection Frank Knobbe (Dec 29)
- Re: Snortsam / Portscanning Detection christian graf (Dec 31)